Over the last six months, Ocuco have spent a great deal of time consulting with customers and Data Protection experts to understand their interpretation of the new regulation, and have created a version of See20/20 that assists with the compliance process.
This area allows the capture of consent based on the reason for communicating: Recall or Marketing.
Communication Channel Preferences:
The patient can opt in or out of each method of communication – Letter, Email or SMS.
The preferred channel of communication for Recall and other activities can be recorded here also.
Configuration of the Data Processing Screen:
See20/20 now provides the admin user with the ability to set up templates and texts required to comply. Having these built into the software is not a requirement, but Ocuco have invested in this development in our commitment to continuous improvement and adding value.
Configuration covers the following topics, all of which are part of making compliance easier for the practice owner.
Deletion or removal from processing can be carried out within See20/20 with a second level of authorisation required.
Should a patient request information on what data is stored and how it is used, the See20/20 user can print a Data Processing Agreement or show it to the patient on screen.
Should patients request access to the data stored on them, this can easily be provided in XML format.
All data can be edited and mistakes or incomplete information rectified as needed. See20/20 also has an audit trail.
Patients can easily be removed from recall or marketing so that they will not appear in any communication lists. For those who remain, it is also possible to choose which media channel they prefer: email, letter or SMS.
Should patients request access to their stored data, this can easily be provided in XML format.
The patient’s right to object can be upheld by removing them from all processing. Practice owners should review their legal basis for processing (for example, an ongoing legal case) and understand the circumstances under which they remove the patient from processing.
Patients will not appear in the marketing module if they have opted out. If you were making decisions based on profiling your patients, then the patient has the right to be excluded from this using the marketing flag.
Compliance is also met in the following three areas:
When an eye exam is complete, the data being stored is relevant and necessary to the performance of the contract with the patient. Consent for non-contractual operations such as marketing can be recorded directly into the practice management system or documented and uploaded.
See20/20 has inbuilt security rules covering both patient records and application access, with password authentication and user- and role-based access to functions and screens. Files (referral letters, images, uploads) are held securely within the database.
See20/20 is a hosted system, so a separate backup is not required by the practice. The data centre where See20/20 is housed backs up the server and can restore individual practice databases.